Help Me Decide Best combo of FW, HIPS, SB & BB - Your views

Discussion in 'Compare Apps Archive' started by HarborFront, Jan 23, 2017.

  1. TerrakionSmash

    TerrakionSmash Level 16

    I see people say Avast is lighter than Windows Defender and I can also confirm through experience.
     
  2. SHvFl

    SHvFl Level 32
    Content Creator Trusted

    Avast uses less RAM, but for me at least there's no way it's lighter. That program eats disk IO like it's breakfast, and its CPU usage is not the best I ever saw. As I said, you don't need to have WD on; you can disable it manually.
     
  3. TerrakionSmash

    TerrakionSmash Level 16

    Hmmm. All part of the world's weirdness, I guess.
     
  4. Wave

    Wave Guest

    Avast can't be lighter because they have many more components, and they also have the ability to intercept programs' actions for the HIPS (I believe - if not, they have a device driver with callbacks), and all of this increases the time (even if it's only milliseconds and not noticeable) for things to work properly. :)

    They also have a larger database of course, but they probably use the pagefile anyway.
     
  5. _CyberGhosT_

    _CyberGhosT_ Level 52
    Trusted

    Yeah, what he said.
    Can I get in on this @Wave :(
     
  6. Evandro

    Evandro Level 2

    Try Forticlient Free Antivirus, man!
    It's much lighter and has very good protection for me!
     
  7. AtlBo

    AtlBo Level 22

    Could be better than anything I have seen, especially an alert for actions that the user has configured to occur. It's something I have been hoping to see from more programs. Remembering the settings choices is hard to do with so many, and this type of alert helps with this and keeps a user aware. I think I would like this type of alert to stand out or be different from the rest in some way.
     
  8. erreale

    erreale Level 4

    2 HIPS and 2 BBs are really overkill. I advise you to remove something.
     
  9. Wave

    Wave Guest

    #49 Wave, Jan 23, 2017
    Not only this, but depending on how the products work, they may not even be compatible with each other. For example, if one product uses the same method as another product to intercept the actions then they may end up overriding each other, preventing one of the products from functioning properly.

    Anyway, AdroxideHIPS is more of a mixed set, therefore the Behavior Blocker/HIPS is mixed into one component; some of the functionality which can be enabled fits the description of HIPS more than BB (e.g. preventing hosts file modifications, preventing AutoRun modifications, etc.), whereas other features fit the description of a BB more than HIPS (e.g. preventing process injection attacks, preventing suspicious file modifications (part of anti-ransomware), preventing master boot record modifications, etc.). The alert style will depend on the behavior which is being intercepted: if the behavior fits the description of HIPS more than BB then the user will be notified of "suspicious" activity and the alert can be an amber color to represent this, whereas if the behavior is more dangerous and fits the description of a BB more than HIPS, the alert can be red to symbolize danger.

    Thank you, hopefully it will be better than anything you've seen before. I will have a database of Trusted Publishers/genuinely clean software and this can be applied to the white-list, and eventually a cloud network for program lookup queries - this will be beneficial to reduce the alerts the user will be getting when they use new software, because nothing is more annoying than having to go through a ton of alerts for software that is clean... But of course I can make it so the user can disable the auto-white-list, and the rules for any program can be changed at any time from the white-list tab so it's not a problem.

    As for the dynamic heuristics, its purpose isn't to sit there and ask you what you want to do on a certain action; its purpose is to monitor how the program is operating and only interfere when behavior which can be linked to a specific threat type is identified (such as a worm, rootkit, trojan downloader, phishing, etc.). I guess the dynamic heuristics can also be known as being part of the "behavior blocker" component; however, it's all really mixed together as a whole.

    The dynamic heuristics haven't had as much development time as the mixed BB/HIPS functionality, therefore much more work is needed for it... But once it's complete the results should be pretty neat. If it doesn't work well then I can simply drop it out of the program and introduce it at a later date after release, not a problem.

    Thanks for taking an interest, if you have any more questions then feel free to shoot me a PM as I don't want to hijack this thread any more haha. :)
     
  10. HarborFront

    HarborFront Level 33
    Content Creator

    Hi

    I'll pm you for some questions

    Thanks
     
  11. Lockdown

    Lockdown From AppGuard
    Developer

    I work for Blue Ridge Networks now.
     
  12. shmu26

    shmu26 Level 53

    I must admit your new handles fooled me. But I was amazed how all the AppGuard guys think so alike!
     
  13. Lockdown

    Lockdown From AppGuard
    Developer

    #53 Lockdown, Jan 23, 2017
    Inevitable IT security end-game thinking. It's a non-linear progression for most people, but the end-point is always the same.
     
  14. Yash Khan

    Yash Khan Level 51

    That's good to know... Congratulations
     
  15. HarborFront

    HarborFront Level 33
    Content Creator

    #55 HarborFront, Jan 23, 2017
    Hi everybody

    Very sorry that I misread Avast's SB. In fact, Avast's SB does auto sandboxing (which is what I'm looking for) + manual sandboxing

    What does the Avast Sandbox do?

    For Avast product line

    Avast AV free - BB
    Avast AV Pro - BB + SB
    Avast IS - FW + BB + SB

    Notes:

    1) I'm assuming the new Avast has BB which replaces its HIPS otherwise I'll just take Avast IS if it comes with BB + HIPS (together with FW + SB)
    2) Its SB feature is still around in the new Avast paid products

    My requirement still stands i.e. have a FW + BB + HIPS + SB

    In view of this newfound fact my choices have changed. I prefer to use Avast as my AV, which I have had good experience with previously

    a) Xvirus Personal Firewall (FW) + Avast AV (BB) + reHIPS (HIPS + SB)
    b) Avast IS (FW + BB + SB) + adroxideHIPS (HIPS + BB) – to disable one BB or leave it if no compatibility issue
    c) PrivateFirewall (FW + HIPS) + Avast AV Pro (BB + SB)

    Kindly comment. Thanks
     
  16. Lockdown

    Lockdown From AppGuard
    Developer

    PrivateFirewall is no longer being developed. The developer only made it possible to install and run on W10 within the past year or so, but it has not received any updates or vulnerability fixes since 2013.
     
  17. HarborFront

    HarborFront Level 33
    Content Creator

    Yes, I'm aware of that. Also, I have used it in my Win 10 64-bit system before
     
  18. AtlBo

    AtlBo Level 22

    If you must use Private Firewall, install it and run it through the Matousec tests to see what gets through. Then run the Comodo Leak Test and see where it fails. Where PF fails the tests, boost security with other programs to match what is missing with something. Matousec test suite here (ssts 64 test):

    Downloads - www.matousec.com

    Then add somebody's Trust list to a PF export html and reimport the rules. Make it a good list. Follow up with the a-v/BB/SB you want from someplace.

    It would be some work to put this together, but it is necessary if you would like to use PF. I'd like to find the time to configure a security setup around PF and then test some malware...just to see if it's possible to combine PF with any other programs, such as maybe NVT ERP, etc., to achieve full Comodo firewall type protection. I hate protection overlap, and that might be a problem.

    You could probably work with the program if you can do all the above. Still, PF's HIPS gets no help from the program, such as a way to define "protected files", or define "protected COMs", or define "protected registry keys"...no options there at all. All this is in Comodo's HIPS. Optionally, you could turn off HIPS and just use the net wall. It will give you pop-ups and some logging elements.
     
  19. Zero Knowledge

    Zero Knowledge Level 5

    Just setup a Windows VM and go wild testing out new software.

    Honestly you have zero chance against a well funded highly skilled adversary. No amount of security software will save you.

    My advice would be to buy one AV/malware suite with exploit protection. Keep up to date on OS/app patches. Use a VPN. Use DNSCrypt. And don't download from unknown sources and never click on mail links.

    Not much more you can do. Just pray to the internet gods and don't piss off a nation state.
     
  20. Wave

    Wave Guest

    Well, obviously you have to click on links from e-mails sometimes, like when you needed to verify your account to use this forum or forget your password on a website (which handles the recovery via e-mail). However, I think you meant to never click on links or accept attachments from an e-mail where the sender is not a verified trusted sender, so it's important to watch out for spoof attempts.

    Apart from that, I agree with the tips, pretty nice :)
     